API

API changelog

This changelog provides an overview of the recent changes made to the Payabli APIs.
March 16, 2026

Input validation for achHolder in TokenStorage

The Save a payment method and Update a payment method endpoints now validate the achHolder field. The API returns a 400 Bad Request if the value doesn’t meet the following rules:

  • Allowed characters: Letters, numbers, spaces, hyphens, apostrophes, and periods
  • Length: 2–100 characters
  • Pattern: ^[A-Za-z0-9\s\-'.]+$

Requests with special characters like ~!@#$%^&*() in achHolder are now rejected.

Service fee configuration fields added to paypoint credentials

We’ve added three fields to the credentials object in the GET /Paypoint/{entry} response. These boolean fields expose the paypoint’s service fee configuration:

  • GreaterValueAllowed — Whether a customer fee greater than the configured service fee is allowed.
  • AbsorbDifference — Whether the paypoint absorbs the difference between the configured service fee and the actual fee charged to the customer.
  • AllowOverride — Whether the configured service fee can be overridden at the transaction level.

Added StatementEmail to paypoint details response

The GET /Paypoint/{entry} endpoint response now includes a StatementEmail object in the Paypoint data. This object lets you see how billing statement emails are configured for a paypoint.

The StatementEmail object contains:

  • Sender: The email address that statements are sent from. Always uses a Payabli domain. If null, noreply@payabli.com is used.
  • Recipients: A list of email addresses that receive billing statements.

The field is null if statement email hasn’t been configured for the paypoint.

See Get paypoint details for the full response schema.

Autogenerate bank account accountId

When you create or update a bank account in the bankData object without providing an accountId, Payabli now generates one automatically. The generated format is acct-{first_digit}xxxxx{last_4_digits}, based on the accountNumber field. The mask always uses five x characters regardless of account number length. For example, account number 123456789 produces acct-1xxxxx6789.

If a generated accountId would duplicate an existing one within the same service at the paypoint, the system appends a numeric suffix to keep it unique (for example, acct-1xxxxx6789-2).

The bank account’s accountId is also used as the identifier for its associated payment connector. This means the accountId you see in the paypoint’s credentials array matches the accountId of the linked bank account.

When you provide a custom accountId, Payabli doesn’t autogenerate one.

Affected endpoints

Reissue payout transactions

You can now reissue a payout transaction with a different payment method using the new Reissue payout endpoint.

Use POST /MoneyOut/reissue when a payout can’t be completed with the original payment method. For example, if a virtual card expires before a vendor redeems it, or an ACH payment is returned by the bank, you can reissue the payout as a check, ACH, or virtual card.

The original transaction must be in Processing or Processed status. The endpoint creates a new transaction and links it to the original through the event history. The original transaction gets a “Reissued” event, and the new transaction includes a reference back to the original.

For details on which payment methods you can reissue to and how the process works, see Reissue payouts with the API.